Koozali.org: home of the SME Server
Contribs.org Forums => Koozali SME Server 10.x => Topic started by: mophilly on December 30, 2021, 10:07:17 PM
-
I recently set up SME 10 as a new email host. Today a client sent me the response from yahoo.com he got when he tried to send me another email earlier today. The earlier one was a reply to one I sent and the later one is a forward.
So I am needing to figure this out. Any ideas or suggestions are very welcome.
Happy new year!
-
Going to need a lot more detail on your server, and the exact Yahoo mail error.
You can test your server via various online services.
But as it stands this is all far too vague.
-
Sorry about the vague post. I am starting at the top of the investigation path as there is only one error report of this kind. The SME server involved is handling thousands of email with no similar reports. I will add to this post as I dig out relevant detail.
-
So on 29 DEC 2021, yahoo sent this message to a colleague when he replied to an email I sent to him.
<my email address>: 550: Mail from HELO sonic307-10.consmr.mail.ne1.yahoo.com rejected because it Error: open resolver
My email address is working, and this kind of response from an entity like yahoo bugs me. So, I have been digging through articles about qmail and so on. A search of the logs on my server did not help; obviously the email sent to me never reached my server.
As I searched for clues and inspiring tips, I noticed that some email I have sent was not being received. Most was going out fine, but a few didn't make it. Back to my server logs. I found this:
(rcpt) check_goodrcptto: recipient mybuddy@gmail.com denied
(deny) logging::logterse: ` xxx.xxx.xxx.xxx wsip-xxx-xxx-xxx.xxx.sd.sd.cox.net smtpclient.apple <myemail@mydomain.com> check_goodrcptto 901 relaying denied mybuddy@gmail.com msg denied before queued
550 relaying denied mybuddy@gmail.com
Of course, "mybuddy@gmail.com" is a placeholder for the real, and valid, email address.
This may not have anything to do with yahoo's 550 message, but then I don't know at this point. I further assume that the problem is very likely something I did... because I am not shy about modifying my servers, at least until SME becomes self-aware like Martha Wells' "Murderbot" and stops me.
-
One thing at a time.
The apple issue you have raised in Rocket. I can't remember the outcome. Configuration or patch?
But I don't think it is related to the Yahoo issue.
Yahoo. That is a weird one.
Searched for:
550 "Error: open resolver"
https://duckduckgo.com/?q=550+%22Error%3A+open+resolver%22&t=ffab&ia=web
Found this. Just wondering if Yahoo got blocked due to a blocked spamhaus query by your SME?
https://community.sophos.com/utm-firewall/f/mail-protection-smtp-pop3-antispam-and-antivirus/129905/open-resolver-spamhaus
First, check the incoming mail from them and see if it is getting blocked and check any errors - watch the logs as he sends.
Next, are you using alternative DNS for your server eg Google or OpenDNS?
There is a thread here on using PiHole and ways to deal with this.
-
your line says that the mail to your buddy was denied because it does not allow relay.
SME does not allow relay if your are not authentified.
suspect your client was trying to sent unauthentified like it was possible on lan in the past.
-
1. The apple issue you have raised
-- The Apple mail.app sends an invalid HELO, as evidenced by this in this log:
dispatching EHLO smtpclient.appleApple said it not a problem for them and there is nothing to fix. :?
2. I agree that yahoo is the source of the issue, not SME 10. ReetP wrote "Just wondering if Yahoo got blocked due to a blocked spamhaus query by your SME?" That is possible but I am not sure where to look for that.
3. First, check the incoming mail from them
-- I looked in the logs on SME. There are a good number of inbound email from yahoo passing muster on SME, but no sign of the email from my buddy.
4. are you using alternative DNS for your server eg Google or OpenDNS?
-- No. SME is set to its default for DNS.
5. There is a thread here on using PiHole
-- I will look into this
6. your line says that the mail to your buddy was denied because it does not allow relay. SME does not allow relay if you are not authenticated.
-- Understood. This seems odd because the 550 message was issued by yahoo and the notice sent to my buddy.
---- The flow of notes: I sent a note to my buddy. He replied to it. Yahoo complained, did not send the reply to me and returned a notice to my buddy.
As ReetP pointed out, there is more than one issue in this one post. I apologize for that.
1. yahoo's "open resolver" complaint
2. The check_goodrcptto: recipient mybuddy@gmail.com denied I found in the mail log.
Re: 1. I am going to check with my colleague who uses yahoo to see if he can replicate the alert. He is not at all technical.
Re: 2. I am continuing to research this. I don't understand what SME is telling me.
-
in what log is check_goodrcptto refusal?
show us a full transaction with this issue. with only pieces of info we can just give pieces if answers
-
in what log is check_goodrcptto refusal?
qpsmtpd.log
show us a full transaction with this issue. with only pieces of info we can just give pieces if answers
[/quote]
Here is one from 5 JAN 21.
29647 Accepted connection 0/40 from yy.yyy.yyy.yyy / wsip-xx-xxx-xxx-xxx.sd.sd.cox.net
29647 Connection from wsip-xx-xxx-xxx-xxx.sd.sd.cox.net [yy.yyy.yyy.yyy]
29647 (connect) karma: karma 1 (1)
29647 (connect) karma: pass, no penalty (0 naughty, 92 nice, 435 connects)
29647 (connect) earlytalker: skip, karma 92
29647 (connect) relay: skip, no match
29647 (connect) dnsbl: pass
29647 220 myserver.mydomain.com ESMTP
29647 dispatching EHLO smtpclient.apple
29647 (ehlo) whitelist: karma 5 (6)
29647 (ehlo) whitelist: helo host smtpclient.apple in whitelisthelo
29647 250-mydomain.com Hi wsip-xx-xxx-xxx-xxx.sd.sd.cox.net [yy.yyy.yyy.yyy]
29647 250-PIPELINING
29647 250-8BITMIME
29647 250-SIZE 30000000
29647 250 STARTTLS
29647 dispatching STARTTLS
29647 220 Go ahead with TLS
29647 (unrecognized_command) tls: TLS setup returning
29647 dispatching EHLO smtpclient.apple
29647 (ehlo) whitelist: karma 5 (11)
29647 (ehlo) whitelist: helo host smtpclient.apple in whitelisthelo
29647 250-mydomain.com Hi wsip-xx-xxx-xxx-xxx.sd.sd.cox.net [yy.yyy.yyy.yyy]
29647 250-PIPELINING
29647 250-8BITMIME
29647 250-SIZE 30000000
29647 250 AUTH PLAIN LOGINnowata
29647 dispatching MAIL FROM:<myaccount@mydomain.com>
29647 (mail) resolvable_fromhost: pass, mydomain.com has MX at myserver.mydomain.com
29647 (mail) rhsbl: pass
29647 (mail) sender_permitted_from: skip, tolerated, none, mydomain.com: No applicable sender policy available
29647 (mail) naughty: pass
29647 250 <myaccount@mydomain.com>, sender OK - how exciting to get mail from you!
29647 dispatching RCPT TO:<mybuddy@gmail.com>
29647 (rcpt) badrcptto: pass
29647 (rcpt) check_goodrcptto: stripping '-' extensions
29647 (rcpt) check_goodrcptto: recipient mybuddy@gmail.com denied
29647 (deny) logging::logterse: ` yy.yyy.yyy.yyy wsip-xx-xxx-xxx-xxx.sd.sd.cox.net smtpclient.apple <myaccount@mydomain.com> check_goodrcptto 901 relaying denied mybuddy@gmail.com msg denied before queued
29647 550 relaying denied mybuddy@gmail.com
29647 dispatching DATA
29647 503 RCPT first
29647 dispatching QUIT
29647 221 mydomain.com closing connection. Have a wonderful day.
29647 click, disconnecting
29647 (disconnect) karma: positive, (msg: 11, his: 92)
-
Regarding the original post; my colleague has not been able to replicate the "open resolver" issue. So, the latest update for SME 10 appears to have set things right, or the original problem was a one off thing.
Regarding the check_goodrcptto comments, I am reviewing that again and will file a submit a report with details to bugzilla.
-
Your bug.
https://bugs.koozali.org/show_bug.cgi?id=11851
Please check that check_goodrcptto plugin - I'm not sure why you are using it.